BYOD Policy

Cellphones, tablets, and laptops have completely revolutionized the way people work. Now we can take our devices with us to the office, home, or even on the go during business meetings, trips, and even on personal holidays. No matter where we are, we have access to everything we need to have a productive workday right at our fingertips.

But how do you create a successful BYOD Policy for your office?

By creating a thorough and employee-based Bring Your Own Device (BYOD) strategy, you can help turn one of today’s modern technological feats into boosted productivity for your business.

Top Considerations When Developing a BYOD Policy:

1. Specify What Devices Are Permitted

With so many portable devices available to your employees, it is important to establish which ones are allowed for work based-functions and which ones aren’t. For example, your employees may have a tablet, cell-phone, and a laptop. With so many devices, it can be hard to figure out which ones work best for your needs.

If you have employees who treat their tablet as a laptop, they may feel restricted and unable to bring them if you only specify that laptop computers are allowed and vice versa. You want to determine which devices will help your business goals and which ones could potentially hinder it.

For example, cellphones are great BYOD when concerning sales or those who work first-hand with clients continuously (such as lawyers). They, however, may be problematic for individuals who are doing data-entry, clerical duties in which calls need to be transferred, or for those who need to remain focused on the task at hand without texts and phone calls coming in.

2. Ensure That Any Devices On Your Servers Are Following Your IT Security Policy

If your work deals with sensitive information, you want to ensure that your IT Security Policy is being followed on all devices used for your business’s purposes, including personal devices. While none of your employees would likely steal valuable information from one another, it does present a risk when your employee travels. He or she could lose a phone or laptop that isn’t password-protected, putting your company at increased risk.

It is also beneficial to ensure that all devices being used by your company, whether personal or commercial, are protected by internet security. Hackers will go after any device for sensitive information and you want to make sure that your business is protected.

3. Checklist: Criteria for Developing a BYOD Policy

Creating boundaries and ensuring your employees understand those boundaries will help prevent issues concerning what can and can’t be done with personal devices.

You will want to ensure that your policy answers and touches on the following:

  • What devices can be specifically permitted onto the company’s network?
  • What security protocols must employees and devices follow?
  • Give clear directions on how foreign devices, cellphones, and tablets, can access the data on your business’s network.
  • Ensure that your staff understands who owns the apps and data being kept and used on their devices.
  • Decide which actions cannot be performed on personal devices, such as entry of sensitive information.
  • Combine your BYOD strategy alongside an acceptable use strategy to ensure that devices are not being used for personal purposes on company hours.
  • Create a plan to quickly and securely add and remove users.

Considerations on Device Wiping, Upgrades, Lost Devices

It seems kind of silly to think anyone other than your company owns the data and apps being stored for company use on devices, whether personal or commercial. However, this can become a bit hectic when an individual is looking to wipe their device when they are upgrading, or if they lose it.

Why is this an issue? Typically, all of the content on the phone is erased, including personal pictures, music, and apps that your individual may have purchased for his or her use. While the work information may be found on commercial devices and networks, personal information is not. This creates a problem for businesses when personal and business interests conflict.

Your employee may have reservations about wiping his or her phone, in order to keep personal data. However, that could create a security risk for your business. Your BYOD plan needs to make it clear that individuals using their own device have to wipe their device when that device becomes compromised to protect the business. This way, it gives your employee the right to decide whether or not he or she wants to risk using a work device to hold sensitive personal information.

4. Checklist: Acceptable Use Policy and BYOD Policy

It is important to ensure that both of these policies are working hand in hand. While your business may already have an acceptable use policy for their commercial devices, it is equally important for these to apply for personal devices. The acceptable use policy should answer the following questions;

  • If an employee posts on social media while using your company’s VPN tunnel, is that a violation of the acceptable use policy?
  • What if the employee is browsing objectionable content and websites on their own devices VPN?
  • What happens if they transmit material that may not be appropriate for work use over your network, even if they are using their own devices? What actions will be taken for such actions?
  • How will device usage be monitored to enforce company device usage policies?
  • Does your company have the right to set up rules concerning the use of devices in the workplace?

4. Setting Up an Exit Strategy for Employee Devices

When employees move to another company or leave your company for any reason, you want to ensure that they are not taking your company’s sensitive information with them. You need to set up a plan for the removal of access tokens, removing work email access, data access, and other proprietary information from their device.

Professional Outsourced IT Services

At Blue Jean Networks, we promote small and medium-sized businesses efficiency by disseminating expert IT services and support. For more information about our vast array of services, including comprehensive mobile device management and IT consulting, call our team today!